-
不受影响的程序版本

Ettercap Ettercap-NG 0.7.3

-
漏洞讨论

Ettercap is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it as a format specifier in a formatted printing function.

To exploit this vulnerability, an attacker would craft network data that will result in one of the protocol dissectors logging usernames and passwords. Other means of attack may also be possible.

This vulnerability allows remote attackers to modify arbitrary memory locations, resulting in the control of program execution, leading to the ability to execute arbitrary machine code in the context of the affected application.

This vulnerability is only exploitable when the curses user interface is being utilized by a user.

-
漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.